HCL Launch is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-42445)
CVE-2022-42445

4.9MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Launch
Vendor: CVE Published:; 12 December 2022

Summary

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

Affected Version(s)

HCL Launch 6.2.7.0 - 6.2.7.17, 7.0.0.0 - 7.0.5.12, 7.1.0.0 - 7.1.2.8, 7.2.0.0 - 7.2.3.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Oct 6, 2022